Security issue with home directories

Aaron Knauf aaron at compedge.co.nz
Fri Aug 27 07:45:40 GMT 1999


I have read the posts in the archives, and the mention in the DOMAIN.txt
file regarding the home directory remaining connected after logout.  I
am not sure if this is the same problem, or not.  Either way, I would
love to know if anyone has a fix.

My setup is as follows -

Server - Red Hat Linux 6.0, Samba-2.0.5a (RH6 rpm). Samba is set up as a
PDC.

Client - NT Workstation 4.0 SP4.

The problem goes like this -
User "joeadmin" logs on to the samba domain, then browses his home share
(\\sambaserver\joeadmin) via Network Neighborhood. He then logs off.

User "freduser" logs on to the samba domain, from the same PC. He is
then able to browse his own home share (\\sambaserver\freduser) in
addition to being able to browse the home share of joeadmin! (He
shouldn't even be able to *see* the other user's share!)

I have confirmed that unix permissions are set to exclude freduser from
access to joeadmin's directory (and vice versa), by the following -

chmod -R g-rwx,o-rwx /home/joeadmin
chown -R joeadmin:joeadmin /home/joeadmin

... and the same for freduser.

I have confirmed that freduser has complete access to joeadmin's files
by creating and deleting a number of them and also reading from existing
ones.  The created files have user and group owners of joeadmin.

The /etc/smbuser file has no mapping that might cause this (there are
only two lines, so it would be easy to spot).
The /etc/smb.conf file has no admin users=freduser or anything else
suspicious.

This is a newly installed test system (both the server and the
client).


If anyone has any light to shed on this one, it would be much
appreciated.

Cheers

Aaron Knauf
Technical Consultant
Computing Edge Limited
Auckland, New Zealand
aaron at compedge.co.nz
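
A server-side check for the symptom described above, added here as an example and not part of the original post: it flags client machines that still hold share connections under more than one Unix uid, and lists the connections left over from the earlier logon. The function names are hypothetical, the sample rows are constructed, and the "service uid gid pid machine" column layout is an assumption about the connection table that `smbstatus` prints.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Input rows are assumed to be
# "service uid gid pid machine ..." as in an smbstatus-style connection table.

# Constructed sample rows, not captured from a real server.
sample_rows() {
cat <<'EOF'
Service      uid      gid      pid     machine
----------------------------------------------
joeadmin     joeadmin joeadmin 1201    ntws1 (192.168.1.20) Fri Aug 27 07:30:11 1999
freduser     freduser freduser 1201    ntws1 (192.168.1.20) Fri Aug 27 07:41:02 1999
netlogon     freduser freduser 1201    ntws1 (192.168.1.20) Fri Aug 27 07:41:03 1999
public       maryuser maryuser 1310    ntws2 (192.168.1.21) Fri Aug 27 07:39:40 1999
EOF
}

# Print "machine: uid1,uid2" for each machine holding connections under
# two or more distinct uids at once.
mixed_uid_machines() {
    awk '
        # Connection rows have a numeric pid in column 4; this skips the
        # header, the rule line and blank lines.
        NF >= 5 && $4 ~ /^[0-9]+$/ {
            key = $5 SUBSEP $2
            if (!(key in seen)) {
                seen[key] = 1
                count[$5]++
                uids[$5] = (uids[$5] == "" ? $2 : uids[$5] "," $2)
            }
        }
        END {
            for (m in count)
                if (count[m] > 1) print m ": " uids[m]
        }
    ' | sort
}

# Print connections from MACHINE whose uid is not CURRENT_USER, i.e. the
# ones left over from an earlier logon. Usage: stale_for MACHINE CURRENT_USER
stale_for() {
    awk -v m="$1" -v u="$2" '
        NF >= 5 && $4 ~ /^[0-9]+$/ && $5 == m && $2 != u {
            print $1 " (uid " $2 ", pid " $4 ")"
        }
    '
}

sample_rows | mixed_uid_machines
sample_rows | stale_for ntws1 freduser
```

On a live server the same functions would read the real connection table on stdin in place of `sample_rows`, provided its columns match the assumed layout.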



More information about the samba-ntdom mailing list